Merge pull request #809 from thecantero/patch-1

Update to support Kong-v0.10.x
This commit is contained in:
neil 2017-04-28 10:14:53 +08:00 committed by GitHub
commit c97c79ab2f
2 changed files with 27 additions and 28 deletions

View File

@ -21,8 +21,11 @@ acme.sh --deploy -d example.com --deploy-hook cpanel
## 2. Deploy ssl cert on kong proxy engine based on api. ## 2. Deploy ssl cert on kong proxy engine based on api.
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert). Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
Currently supports Kong-v0.10.x.
(TODO) ```sh
acme.sh --deploy -d ftp.example.com --deploy-hook kong
```
## 3. Deploy the cert to remote server through SSH access. ## 3. Deploy the cert to remote server through SSH access.

View File

@ -1,13 +1,7 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# If certificate already exist it will update only cert and key not touching other parameter
# This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter. # If certificate doesn't exist it will only upload cert and key and not set other parameter
# Note that ssl plugin should be available on Kong instance # Note that we deploy full chain
# The hook will match cdomain to request_host, in case of multiple domain it will always take the first
# one (acme.sh behaviour).
# If ssl config already exist it will update only cert and key not touching other parameter
# If ssl config doesn't exist it will only upload cert and key and not set other parameter
# Not that we deploy full chain
# See https://getkong.org/plugins/dynamic-ssl/ for other options
# Written by Geoffroi Genot <ggenot@voxbone.com> # Written by Geoffroi Genot <ggenot@voxbone.com>
######## Public functions ##################### ######## Public functions #####################
@ -31,14 +25,15 @@ kong_deploy() {
_debug _cca "$_cca" _debug _cca "$_cca"
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
#Get uuid linked to the domain #Get ssl_uuid linked to the domain
uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}') ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
if [ -z "$uuid" ]; then if [ -z "$ssl_uuid" ]; then
_err "Unable to get Kong uuid for domain $_cdomain" _debug "Unable to get Kong ssl_uuid for domain $_cdomain"
_err "Make sure that KONG_URL is correctly configured" _debug "Make sure that KONG_URL is correctly configured"
_err "Make sure that a Kong api request_host match the domain" _debug "Make sure that a Kong certificate match the sni"
_err "Kong url: $KONG_URL" _debug "Kong url: $KONG_URL"
return 1 _info "No existing certificate, creating..."
#return 1
fi fi
#Save kong url if it's succesful (First run case) #Save kong url if it's succesful (First run case)
_saveaccountconf KONG_URL "$KONG_URL" _saveaccountconf KONG_URL "$KONG_URL"
@ -48,12 +43,14 @@ kong_deploy() {
#Set Header #Set Header
_H1="Content-Type: multipart/form-data; boundary=$delim" _H1="Content-Type: multipart/form-data; boundary=$delim"
#Generate data for request (Multipart/form-data with mixed content) #Generate data for request (Multipart/form-data with mixed content)
#set name to ssl if [ -z "$ssl_uuid" ]; then
content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl" #set sni to domain
content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain"
fi
#add key #add key
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
#Add cert #Add cert
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
#Close multipart #Close multipart
content="$content${nl}--$delim--${nl}" content="$content${nl}--$delim--${nl}"
#Convert CRLF #Convert CRLF
@ -61,17 +58,16 @@ kong_deploy() {
#DEBUG #DEBUG
_debug header "$_H1" _debug header "$_H1"
_debug content "$content" _debug content "$content"
#Check if ssl plugins is aready enabled (if not => POST else => PATCH) #Check if sslcreated (if not => POST else => PATCH)
ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
_debug ssl_uuid "$ssl_uuid"
if [ -z "$ssl_uuid" ]; then if [ -z "$ssl_uuid" ]; then
#Post certificate to Kong #Post certificate to Kong
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST") response=$(_post "$content" "$KONG_URL/certificates" "" "POST")
else else
#patch #patch
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH") response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH")
fi fi
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then
_err "An error occurred with cert upload. Check response:" _err "An error occurred with cert upload. Check response:"
_err "$response" _err "$response"
return 1 return 1